Unsolved
This post is more than 5 years old
21 Posts
0
126877
Dell Command | PowerShell Provider 1.0 BIOS Passwords
The UEFI BIOS supports several kind of BIOS passwords. These passwords provide different-different level of security to Dell computer.
The majorly used passwords for providing security are Admin (Setup) and System (User) passwords. Both have separate security purpose.
Admin Password
Admin password provides the security by locking all the BIOS features or settings so that these cannot be modified. User can boot and see BIOS settings but cannot modify until he/she provides the correct admin password to the system.
After setting admin password all BIOS settings gets locked except few BIOS settings. These exception are – System password, HDD password and Wireless Switch.
System password
System password provides the security by preventing user from booting the system. User will not be able to see the boot menu (F2/F12) until he/she provides correct system password to the system. Once password given to the system user can also modify the BIOS setup options. In case admin password is also set on the machine, user has to provide admin password also to modify the BIOS settings.
Configuring BIOS passwords using Dell Command | PowerShell Provider (DCPP)
Dell Command | PowerShell Provider can be used to configure admin or system password or both. Dell command | PowerShell Provider has the capability to set, modify and clear these passwords. Dell Command | PowerShell Provider also has the capability to verify whether system has password or not. To know about installing and configuring Dell Command | PowerShell Provider module on your system, refer Download and Installation section in user guide. To download the user guide, click http://www.dell.com/support/home/us/en/19/product-support/product/dell-command-powershell-provider-v1.0/manuals.
Note – To configure passwords, system must have Service Tag.
1. Verifying Admin/System password-
By using DCPP, user can verify whether Dell machine has admin or system password set or not. To verify, use the following commands.
-
- Get-Item -Path DellSmbios:\Security\IsAdminPasswordSet
- Get-Item -Path DellSmbios:\Security\IsSystemPasswordSet
Output of these two commands will be true or false based on whether particular password is set on machine or not.
2. Setting Admin/System password -
Admin and system password both requires minimum 4 and maximum 32 characters. To set the passwords, use the following commands.
-
- Set-Item -Path DellSmbios:\Security\AdminPassword "$AdminPwd"
- Set-Item -Path DellSmbios:\Security\SystemPassword "$SystemPwd"
Note - If system has already admin password set and user wants to set system password also then user needs to provide admin password also by using following command
Set-Item -Path DellSmbios:\Security\SystemPassword "$SystemPwd" -Password "$AdminPwd"
3. Modifying Admin/System password -
To modify, use the following commands.
-
- Set-Item -Path DellSmbios:\Security\AdminPassword “$NewAdminPwd” -Password “$OldAdminPwd"
- Set-Item -Path DellSmbios:\Security\SystemPassword “$NewSystemPwd” -Password “$OldSystemPwd”
4. Clearing Admin/System password -
To modify, use the following commands
-
- Set-Item -Path DellSmbios:\Security\AdminPassword “” -Password “$OldAdminPwd"
- Set-Item -Path DellSmbios:\Security\SystemPassword “” -Password “$OldSystemPwd”
Note –
- Admin password cannot be set if system/HDD password is already set on the system.
- If system is in legacy boot mode, the admin password is required for all UEFI boot paths but if system is in UEFI boot mode than admin password is not required for UEFI boot paths.
- Clearing admin password also clears the system password.
Dependency on Other BIOS features
1. Strong Password
Strong password puts more strict rules on admin and system password. When strong password is disabled, admin password and system password works normally but if enabled,
- Minimum 8 characters are required for setting admin/system password.
- Password must contain at least one upper case and one lower case character.
DCPP can be used to enable/disable this setting by using following commands
- Set-Item -Path DellSmbios:\Security\StrongPassword “Enabled”
- Set-Item -Path DellSmbios:\Security\StrongPassword “Disabled”
2. Password Bypass
This BIOS settings provides the facility to bypass the system password during system restart or resume from standby. If Password bypass is disabled, system will prompt for system password for every restart (if system password is set). If password bypass is set to “Reboot Bypass”, system will not prompt for system password during system restart. If password bypass is set to “Resume Bypass”, system will not prompt for system password during system resume from standby state. If user wants to bypass the password during both reboot and system resume then password bypass can be set as “Reboot and Resume Bypass”.
DCPP can be used to modify this setting by using following commands
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Disabled”
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Reboot Bypass”
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Resume Bypass”
- Set-Item -Path DellSmbios:\Security\PasswordBypass “Reboot and Resume Bypass”
3. Admin Setup Lockout
When user sets the admin password on machine, he/she can see the BIOS setup menu (F2/F12) in the locked mode. Admin password is required only if user wants to modify the bios settings. Admin setup lockout provides more security to the system. If admin setup lockout is enabled and admin password is set than user cannot see the BIOS setup menu (F2/F12) until he/she provides the correct admin password.
DCPP can be used to enable/disable this setting by using following commands
- Set-Item -Path DellSmbios:\Security\AdminPasswordSetup “Enabled”
- Set-Item -Path DellSmbios:\Security\ AdminPasswordSetup “Disabled”
